From 80c1fb9391d2d5986b3ce7433a6ebc2e62df2525 Mon Sep 17 00:00:00 2001
From: Tim Yates <tim.yates@gmail.com>
Date: Tue, 12 Jul 2022 12:44:17 +0100
Subject: [PATCH 1/2] Get keycloak working, but test still fails

---
 .../e2e/OpenIdAuthorizationCodeSpec.groovy    |  1 +
 .../security/testutils/Keycloak.groovy        | 75 ++++++++++---------
 2 files changed, 42 insertions(+), 34 deletions(-)

diff --git a/security-oauth2/src/test/groovy/io/micronaut/security/oauth2/e2e/OpenIdAuthorizationCodeSpec.groovy b/security-oauth2/src/test/groovy/io/micronaut/security/oauth2/e2e/OpenIdAuthorizationCodeSpec.groovy
index 56fa9a90aa..d692e9e47a 100644
--- a/security-oauth2/src/test/groovy/io/micronaut/security/oauth2/e2e/OpenIdAuthorizationCodeSpec.groovy
+++ b/security-oauth2/src/test/groovy/io/micronaut/security/oauth2/e2e/OpenIdAuthorizationCodeSpec.groovy
@@ -55,6 +55,7 @@ class OpenIdAuthorizationCodeSpec extends GebEmbeddedServerSpecification {
 
     @IgnoreIf({ System.getProperty(Keycloak.SYS_TESTCONTAINERS) != null && !Boolean.valueOf(System.getProperty(Keycloak.SYS_TESTCONTAINERS)) })
     void "test a full login"() {
+
         when:
         browser.go "/oauth/login/keycloak"
 
diff --git a/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy b/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
index a83a3a4507..dda7db96fa 100644
--- a/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
+++ b/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
@@ -1,25 +1,7 @@
-/*
- * Copyright 2017-2021 original authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package io.micronaut.security.testutils
 
 import dasniko.testcontainers.keycloak.KeycloakContainer
 import org.testcontainers.Testcontainers
-import org.testcontainers.containers.wait.strategy.LogMessageWaitStrategy
-
-import java.time.Duration
 
 class Keycloak {
     static final String SYS_TESTCONTAINERS = "testcontainers"
@@ -48,6 +30,15 @@ class Keycloak {
         Integer.valueOf(issuer.substring(issuer.indexOf("localhost:") + "localhost:".length(),  issuer.indexOf("/realms")))
     }
 
+    private static exec(String... parts) {
+        println "Running command: " + parts.join(" ")
+        def result =  keycloak.execInContainer(parts)
+        println "OUT: $result.stdout"
+        println "ERR: $result.stderr"
+        println "EXIT: $result.exitCode"
+        assert result.exitCode == 0
+    }
+
     static void init() {
         if (keycloak == null) {
 
@@ -55,26 +46,42 @@ class Keycloak {
                     .withAdminUsername("admin")
                     .withAdminPassword("admin")
                     .withExposedPorts(8080)
-                    .withEnv(Map.of(
-                            "KEYCLOAK_USER", "user",
-                            "KEYCLOAK_PASSWORD", "password",
-                            "DB_VENDOR", "H2")
-                    )
-                    .waitingFor(new LogMessageWaitStrategy().withRegEx(".*powered by Quarkus.*").withStartupTimeout(Duration.ofMinutes(5)))
+                    .withContextPath("/auth")
+                    .withEnv(DB_VENDOR: "H2")
 
             keycloak.start()
-            keycloak.execInContainer("/opt/keycloak/bin/kcreg.sh config credentials " +
-                    "--server http://localhost:8080/auth " +
-                    "--realm master --user user --password password"
-                            .split(" "))
-            keycloak.execInContainer("/opt/keycloak/bin/kcreg.sh " +
-                    "create -s clientId=$CLIENT_ID " +
-                    "-s redirectUris=[\"http://${TestContainersUtils.host}*\"] " +
-                    "-s secret=$clientSecret"
-                            .split(" "))
+            // Login
+            exec("/opt/keycloak/bin/kcadm.sh",
+                    "config", "credentials",
+                    "--server", "http://localhost:8080/auth",
+                    "--realm", "master",
+                    "--user", "admin",
+                    "--password", "admin")
+            // Add user
+            exec("/opt/keycloak/bin/kcadm.sh",
+                    "create", "users",
+                    "-s", "username=user",
+                    "-s", "enabled=true",
+                    "-o",
+                    "--fields", "id,username")
+            // Set user password
+            exec("/opt/keycloak/bin/kcadm.sh",
+                    "set-password",
+                    "--username", "user",
+                    "--new-password", "password")
+            // Add client
+            exec("/opt/keycloak/bin/kcreg.sh",
+                    "create",
+                    "--server", "http://localhost:8080/auth",
+                    "--realm", "master",
+                    "--user", "admin",
+                    "--password", "admin",
+                    "-s", "clientId=$CLIENT_ID",
+                    "-s", "redirectUris=[\"http://${redirectUriHost}*\"]",
+                    "-s", "secret=$clientSecret")
             int port = keycloak.getMappedPort(8080)
             Testcontainers.exposeHostPorts(port)
-            issuer = "http://" + getHost() + ":" + port  + "/realms/master"
+            issuer = "http://$host:$port/auth/realms/master"
         }
     }
 

From 071289f479c52543c0de6782f5ba3f173ca27432 Mon Sep 17 00:00:00 2001
From: Dean Wette <wetted@objectcomputing.com>
Date: Thu, 14 Jul 2022 12:20:38 -0500
Subject: [PATCH 2/2] fixing some URLs to match changes to Keycloak 17/18

---
 .../groovy/io/micronaut/security/testutils/Keycloak.groovy | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy b/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
index dda7db96fa..ca3635860f 100644
--- a/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
+++ b/test-suite-utils/src/main/groovy/io/micronaut/security/testutils/Keycloak.groovy
@@ -46,14 +46,13 @@ class Keycloak {
                     .withAdminUsername("admin")
                     .withAdminPassword("admin")
                     .withExposedPorts(8080)
-                    .withContextPath("/auth")
                     .withEnv(DB_VENDOR: "H2")
 
             keycloak.start()
             // Login
             exec("/opt/keycloak/bin/kcadm.sh",
                     "config", "credentials",
-                    "--server", "http://localhost:8080/auth",
+                    "--server", "http://localhost:8080",
                     "--realm", "master",
                     "--user", "admin",
                     "--password", "admin")
@@ -72,7 +71,7 @@ class Keycloak {
             // Add client
             exec("/opt/keycloak/bin/kcreg.sh",
                     "create",
-                    "--server", "http://localhost:8080/auth",
+                    "--server", "http://localhost:8080",
                     "--realm", "master",
                     "--user", "admin",
                     "--password", "admin",
@@ -81,7 +80,7 @@ class Keycloak {
                     "-s", "secret=$clientSecret")
             int port = keycloak.getMappedPort(8080)
             Testcontainers.exposeHostPorts(port)
-            issuer = "http://$host:$port/auth/realms/master"
+            issuer = "http://$host:$port/realms/master"
         }
     }